RioBranco.exe

The file RioBranco.exe has been detected as malware by 25 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from qralvw-dm2305.files.1drv.com and multiple other hosts.

Version:
1.0.0.0

MD5:
2650c3b04ed3b0af8db7eb7eee3ce1f2

SHA-1:
2bb9a24afb8f01248540f05323973ff8197be0fb

SHA-256:
30a9fe03d97f66fa77bc0c67ef59404dc34502a765f71f8835bac109e330d82a

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/23/2024 4:16:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.162288 | 469 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Banload | 2015.10.04 |
| Avira AntiVirus | TR/Dldr.Agent.219136.11 | 8.3.2.2 |
| Arcabit | Trojan.Zusy.D279F0 | 1.0.0.568 |
| avast! | Win32:Banker-MGN [Trj] | 2014.9-151023 |
| AVG | Downloader.MSIL | 2016.0.2947 |
| Bitdefender | Gen:Variant.Zusy.162288 | 1.0.20.1480 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.162288 | 8.15.10.23.02 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.ET (variant) | 9.12351 |
| Fortinet FortiGate | MSIL/Banload.ER!tr.dldr | 10/23/2015 |
| F-Secure | Gen:Variant.Zusy.162288 | 11.2015-23-10_6 |
| G Data | Gen:Variant.Zusy.162288 | 15.10.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.210.17417 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1232 |
| Malwarebytes | Trojan.Banker.MSIL | v2015.10.23.02 |
| McAfee | Trojan-FHBW!2650C3B04ED3 | 5600.6603 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload.AA | 1.1.12101.0 |
| MicroWorld eScan | Gen:Variant.Zusy.162288 | 16.0.0.888 |
| NANO AntiVirus | Trojan.Win32.Agent.dxbudb | 0.30.26.3725 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R01TC0DIL15 | 10.465.23 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44258 |

File size:
214 KB (219,136 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
RioBranco.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\cf74.tmp

File PE Metadata
Compilation timestamp:
9/16/2015 4:51:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:azJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qh3Vbt08VyW6h9l4baRYX2NCancR9:JWROJNhpeBUDnqB0wBK9

Entry address:
0x365EE

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
209.5 KB (214,528 bytes)

The file RioBranco.exe has been seen being distributed by the following 4 URLs.